constraintViolation(19) when adding entry with blank attribute
search cancel

constraintViolation(19) when adding entry with blank attribute


Article ID: 93288


Updated On:


CA Security Command Center CA Data Protection (DataMinder) CA User Activity Reporting


When trying to add a user (or users) to CA Directory DSA fails with constraint violation.
Example of errors seen in various DSA logs are:

Query log:
[108] 20180427.173528.751 0.10 ADD dn="uid=TEST,ou=People,ou=ABC,dc=company,dc=com" source="client" controls="manage-dsa-it"
[108] 20180427.173528.751 0.10 RESULT error attribute 5 constraintViolation(19)

Trace log: (with level set to 'all')
! [108] Adding attribute {your_attribute_name}
? [108] 20180427.173528.751 WARN : Cannot add null value for syntax 4
? [108] 20180427.173528.751 WARN : Cannot add entry to cache - rolling back
> [108]   invoke-id = 10   credit = 1
> [108]   Attribute Error:
> [108]     Entry:
> [108]       <cosineDomainComponent "com">
> [108]       <cosineDomainComponent "company">
> [108]       <organizationalUnitName "ABC">
> [108]       <organizationalUnitName "People">
> [108]       <cosineUserid "TEST">
> [108]     Attribute: {your_attribute_name}
> [108]     Problem: Constraint violation



Component: ETRDIR


The problem here is attribute syntax 'caseIgnoreString' vs 'caseIgnoreIA5String'.
The above can happen when an attempt is made to insert a null/blank character to an attribute while the syntax type of that attribute is 'caseIgnoreString'. Due to strict x500 standards, CA Directory doesn't allow that. If you must, you can change the syntax to 'caseIgnoreIA5String'.

NOTE: Modifying any CA Directory product provided schema file is not supported. Use it at your own risk. Good idea to create your own extended schema and use that as your business requirement.